Claude Code Vulnerability Could Let Attackers Steal Credentials From GitHub, Says Microsoft
Microsoft disclosed a now-patched vulnerability in Anthropic’s Claude Code GitHub Action that could let attackers steal credentials from CI/CD pipelines by using prompt injection in GitHub issues, pull requests, or comments. Because AI coding agents in workflows often have access to API keys, cloud secrets, and other sensitive data, malicious repository content could influence the agent’s tool use and make it read restricted files. In Microsoft’s test, hidden instructions on an attacker-controlled domain bypassed some safety checks, causing Claude to access sensitive credentials, modify them to evade secret-scanning, and enable exfiltration through logs, comments, web requests, or shell commands. Anthropic fixed the issue in Claude Code 2.1.128 after Microsoft reported it through HackerOne. The core warning: untrusted inputs in developer workflows should be treated as hostile, since a single crafted comment may expose production secrets.
